
Re: [tor-talk] End-to-end correlation for fun and profit

On Wed, Aug 22, 2012 at 3:29 AM, Ted Smith <tedks@xxxxxxxxxx> wrote:
> I ran this script on the current consensus. The full results (the
> nodes-sniff-summary file) are below my signature. How did you compile
> the country-codes to IPs list? That wasn't produced by the script.

Manually, using WHOIS and traceroute. This can be done automatically
using GeoIP, but I wanted to be sure of the results (I also visited some
hosting sites), and writing a proper program would deviate too much
from the initially intended “quick hack” design.

> It's comforting that this approach yields quickly diminishing returns.
> Going from 25 to 60 networks only gets you a 10% increase in network
> surveillance (if I'm reading the output correctly), and returns plateau
> entirely at that point (I'm considering about two percent to be in the
> noise, which may not be appropriate to this domain).

That's why I insist that everyone should be a relay by default, even
if there are some theoretical issues that haven't been worked out yet [1].
Making everyone a relay also results in a healthier user community (I
think I2P is one), and more intrinsic network growth.

> Also, it's not immediately clear whether eavesdropping those networks
> would actually get you strong enough correlation to accurately
> de-anonymize users[1]. If our rodent(?) friend(s?) could comment on
> this, I'd appreciate their expertise.

Quoting [2] (referenced by fakefake): “Tor has been long suspected,
and later confirmed [11,12], to be vulnerable to an attacker who could
observe both the entry and exit point of a connection through an
anonymity network.”

> I also think that if it were possible for "unsophisticated law
> enforcement" to deanonymize Tor users, they would already do it. If I
> remember correctly, the Tor project gets a lot of requests from law
> enforcement to deanonymize Tor users for them, which indicates that they
> can't do it themselves (Andrew Lewman would be able to say if I'm
> correct or not).

Well, it of course depends on what one calls “unsophisticated”. E.g.,
if one judges by the IACIS email dump [3], then most investigators hardly
understand what they are doing when it comes to unfamiliar
technologies (like Tor). So maybe you need them to be “sophisticated”
after all, but my point was that you don't need something exceptional
like involving state security agencies — i.e., FBI + UK Police + DE
Police + a couple of other countries, coordinating via Interpol, does
not sound impossible to me. I will also expand on that in a reply to
Roger.

[1] https://www.torproject.org/docs/faq#EverybodyARelay
[2] http://petworkshop.org/2007/papers/PET2007_preproc_Sampled_traffic.pdf
[3] http://www.theregister.co.uk/2011/11/25/anon_cybercrime_investigator_leak/

-- 
Maxim Kammerer
Liberté Linux: http://dee.su/liberte
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
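A worked illustration of the estimate the thread is discussing (the share of relay weight, and of circuits' both ends, that an observer of the top-k networks would see). This is an added example, not the script Ted ran nor Maxim's WHOIS/traceroute work: the relay list, the consensus weights and the prefix-to-network map are all constructed, and the "both ends" figure assumes guard and exit are chosen independently by weight, which ignores Tor's same-/16 and family restrictions on path selection.

```python
"""Rank networks by the Tor guard/exit weight they host and compute how much an
observer of the top-k networks sees. All data below is constructed for the example."""
from collections import defaultdict
from fractions import Fraction
import ipaddress

# Constructed stand-in for the WHOIS/GeoIP step: prefix -> (network label, country).
# Prefixes and labels are invented; a real run would use a GeoIP/ASN database.
PREFIX_MAP = {
    "10.0.0.0/8": ("NET-A", "DE"),
    "172.16.0.0/12": ("NET-B", "US"),
    "192.168.0.0/16": ("NET-C", "NL"),
    "198.51.100.0/24": ("NET-D", "FR"),
    "203.0.113.0/24": ("NET-E", "SE"),
}
_NETS = [(ipaddress.ip_network(p), label) for p, label in PREFIX_MAP.items()]


def lookup(ip):
    """Map a relay address to (network, country); unmapped addresses get a sentinel."""
    addr = ipaddress.ip_address(ip)
    for net, label in _NETS:
        if addr in net:
            return label
    return ("UNKNOWN", "??")


# Constructed consensus excerpt: (address, consensus weight, flags).
RELAYS = [
    ("10.1.1.1", 5000, {"Guard"}),
    ("10.2.2.2", 3000, {"Guard", "Exit"}),
    ("172.16.5.5", 4000, {"Exit"}),
    ("172.17.9.9", 2000, {"Guard"}),
    ("192.168.3.3", 1000, {"Guard", "Exit"}),
    ("198.51.100.7", 500, {"Exit"}),
    ("203.0.113.9", 250, {"Guard"}),
    ("8.8.8.8", 250, {"Exit"}),  # deliberately outside every mapped prefix
]


def role_weights(relays, role):
    """Total consensus weight of relays carrying `role` ("Guard" or "Exit"), per network."""
    totals = defaultdict(int)
    for ip, weight, flags in relays:
        if role in flags:
            totals[lookup(ip)[0]] += weight
    return dict(totals)


def ranked_networks(relays):
    """Networks ordered by the guard+exit weight they host, largest first (name breaks ties)."""
    combined = defaultdict(int)
    for role in ("Guard", "Exit"):
        for net, w in role_weights(relays, role).items():
            combined[net] += w
    return sorted(combined, key=lambda n: (-combined[n], n))


def coverage(relays, k):
    """(guard share, exit share, both-ends share) visible when the top-k networks are observed.

    The both-ends share multiplies the two shares, i.e. it assumes guard and exit are
    picked independently by weight; real path selection is more restrictive (simplification)."""
    watched = set(ranked_networks(relays)[:k])
    shares = []
    for role in ("Guard", "Exit"):
        per_net = role_weights(relays, role)
        seen = sum(w for net, w in per_net.items() if net in watched)
        shares.append(Fraction(seen, sum(per_net.values())))
    return shares[0], shares[1], shares[0] * shares[1]


def coverage_table(relays):
    """One row per k, so the marginal gain of watching one more network is visible."""
    return [(k,) + coverage(relays, k) for k in range(1, len(ranked_networks(relays)) + 1)]


if __name__ == "__main__":
    for k, g, e, both in coverage_table(RELAYS):
        print(f"top-{k}: guard {float(g):.2f}  exit {float(e):.2f}  both ends {float(both):.2f}")
```

Exact fractions are used so the rows can be compared without floating-point noise; on this constructed data the first two networks already cover 8/9 of guard weight and 4/5 of exit weight, and the rows after that show the flattening that Ted observed on the real consensus.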